Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: mediawiki

Found 5 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-6589
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.

Affected products

MediaWiki
  • ==>= 1.42.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Permalink CVE-2025-6597
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
MediaWiki should not consider autocreation as login for the purposes of security reauthentication

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7, 1.43.2, 1.44.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Permalink CVE-2025-61639
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Permalink CVE-2025-61634
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
HTML rest endpoint needs PoolCounter and proper parser cache check

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Permalink CVE-2025-61641
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
API list=allpages with maxsize is making really slow queries

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers